How does this philosophy handle identifiers like file names, folder structures, and especially database indexes? Seems like the server is going to need to have some knowledge of these. Unless everything is done within a secure enclave?
It seems to me that security through compartmentalization, implemented in Qubes OS, has more advantages, including that you will not need to reimplement everything from scratch.